2.2.4. systemd

While it is designed as a drop-in sysvinit replacement and as such makes use of
existing SysV init scripts, the systemd package can be installed safely
alongside sysvinit and started via
the init=/bin/systemd kernel option. To utilize the
features provided by systemd, about 50 packages already provide native
support, among them core packages like udev, dbus and rsyslog.

systemd is shipped as a technology preview in Debian 7.0. For more
information on this topic, see the Debian wiki.

2.2.5. Multimedia

Debian wheezy comes with improved multimedia support: ffmpeg has been replaced by the libav fork
(libav-tools), which is considered
to feature a more conservative release process and thus to better fit
Debian's needs. It provides all libraries and prepares an upgrade path for
existing application packages. The full-featured libav libraries and
frontends include e.g. mplayer,
mencoder, vlc and
transcode. Additional codec support is provided e.g.
through lame for MP3 audio encoding,
xvidcore for MPEG-4 ASP video encoding,
x264 for H.264/MPEG-4 AVC video encoding,
vo-aacenc for AAC audio encoding and
opencore-amr and vo-amrwbenc for
Adaptive Multi-Rate Narrowband and Wideband encoding and decoding,
respectively. For most use cases, installation of packages from third-party
repositories should not be necessary anymore. The times of crippled
multimedia support in Debian are finally over!

2.2.6. Hardened security

Many Debian packages have now been built with gcc compiler hardening flags enabled. These
flags enable various protections against security issues such as stack
smashing, predictable locations of values in memory, etc. An effort has
been made to ensure that as many packages as possible include these flags,
especially focusing on those in the 'base'-installation, network-accessible
daemons and packages which have had security issues in recent years.

Note that the hardened build flags are not enabled by default in gcc, so are not used automatically when locally
building software. The package hardening-wrapper can provide a
gcc with these flags enabled.
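To see whether a locally built binary actually carries these protections, the following added example (not part of the release notes) reads `readelf` output and reports the usual markers of a hardened build. The function names and both sample excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example: which hardening features does a built binary show?
# Feed it: readelf -W -h -l -d --dyn-syms /path/to/binary

# report_hardening: reads that readelf output on stdin and prints one
# "feature=yes|no" line per check.
report_hardening() {
    elf=$(cat)
    has() { printf '%s\n' "$elf" | grep -Eq -- "$1" && echo yes || echo no; }
    echo "pie=$(has 'Type:[[:space:]]+DYN')"         # -pie: load address can be randomised
    echo "relro=$(has 'GNU_RELRO')"                  # -z relro: relocations made read-only
    echo "bindnow=$(has 'BIND_NOW|FLAGS_1.*NOW')"    # -z now: symbols resolved at startup
    echo "stackprotector=$(has '__stack_chk_fail')"  # -fstack-protector canary check
    echo "fortify=$(has '__[a-z0-9_]+_chk(@|$)')"    # _FORTIFY_SOURCE checked libc calls
}

# Constructed readelf excerpt for a hardened build (not from a real package).
sample_hardened() {
    cat <<'EOF'
  Type:                              DYN (Shared object file)
  GNU_RELRO      0x002de8 0x0000000000202de8 0x0000000000202de8 0x000218 0x000218 R   0x1
 0x0000000000000018 (BIND_NOW)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __printf_chk@GLIBC_2.3.4 (4)
EOF
}

# Constructed excerpt for a build made without the hardening flags.
sample_plain() {
    cat <<'EOF'
  Type:                              EXEC (Executable file)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf@GLIBC_2.2.5 (2)
EOF
}

sample_hardened | report_hardening
sample_plain | report_hardening
```

Shared libraries are always of type DYN, so the pie line is only meaningful for executables. The stackprotector and fortify lines read "no" when the program contains nothing for those features to instrument.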

2.2.7. AppArmor

Debian 7.0 supports the AppArmor Mandatory Access Control system. When
enabled, AppArmor confines programs according to a set of rules that specify
what files a given program can access. This proactive approach helps
protect the system against both known and unknown vulnerabilities.

AppArmor is disabled by default in Debian 7.0. The Debian wiki has instructions on how to use
this functionality.

The next time you run apt-get update, the system will
become aware of the packages in the
wheezy-backports section and they will be
available for installation in the same way as the old backports.debian.org
archive.

When a new package is made available via
wheezy-backports to fix a security issue, this
will be announced on the debian-backports-announce
mailing list.

Note that if APT::Default-Release is set in your
/etc/apt/apt.conf (or in any of
/etc/apt/apt.conf.d/*), then, in order for automatic
upgrades to work, it is necessary to add the following configuration block
into /etc/apt/preferences (see
apt_preferences(5) for more information):

2.2.10. GNOME 3

GNOME has undergone a major interface rewrite in the upgrade to version
3.4. The traditional GNOME panel has been replaced by the
“shell”, an innovative interface with major usability
improvements.

Among other things, it features dynamic workspaces, an on-screen keyboard
(Caribou), instant messaging built into the interface, and integration with
the GNOME keyring and PolicyKit.

If you want to keep an interface closer to the GNOME 2.30 version in wheezy,
you can select the “GNOME Classic” session at the login
prompt. It will bring you an improved version of the traditional panel. You
can still edit the panel to add more applets, by using the hidden alt+right
click combination.

If your hardware is not compatible with the GNOME shell's requirements, you
will also be redirected to the “classic” interface.

2.2.10.1. New and removed applications

Sushi is a new previewing application. Just press the space key on a file in
the file manager, and enjoy.

The Tracker indexing tool is now part of the GNOME desktop. After your
first login, it will index your desktop, and is now available as the default
search tool. It is also the key to the new GNOME documents tool to manage
your recently used documents.

Ekiga is no longer part of GNOME. Many of its features are now available in
Empathy.

2.2.10.2. Settings

Most technologies underlying GNOME are still here: the D-Bus messaging
system, the PolicyKit permissions manager, the GStreamer multimedia system,
the gvfs virtual file system, the MIME system, the ConsoleKit, udisks and
upower interfaces to hardware management; all are kept without major
changes.

However, the underlying configuration system to GNOME has undergone a major
evolution, from GConf to a new system named GSettings, which is much faster
and more versatile. The settings can be browsed or edited using the
(recommended) gsettings command-line tool, or the dconf-editor graphical
tool. The GConf system is still available for third-party applications that
use it.

Most settings are migrated upon upgrade, but for technical and conceptual
reasons, a selected number of settings are not:

default session and language (now managed by the accountsservice daemon);

desktop wallpaper;

default GTK+ theme (none of the previous themes exist anymore);

panel and applets configuration (applets now use relative positioning);

default browser and mailer (the settings are now part of the MIME system
through x-scheme-handler/* types).

2.2.10.3. Display manager

The GNOME display manager (gdm3)
has undergone a major evolution together with the desktop. The primary
change is that settings for the login prompt have been migrated to GSettings
as well. The configuration file has changed to greeter.gsettings and
settings are not preserved. This only affects interface settings; daemon
settings are still in the same place.

The legacy GDM 2.20 package is no longer available; most of its former
features are now available in GDM 3.x.

2.2.10.4. Network management

GNOME now features online connectivity awareness, with several applications
and the GNOME shell using NetworkManager. This enables
support for IPv6 and a wide range of other networking technologies, such as
VPNs, wireless and 3G.

GNOME users are strongly advised to use NetworkManager
for network connectivity; the GNOME components work best with
NetworkManager. If you are planning on using another
network management daemon instead (such as wicd-daemon),
please see Section 5.6, “NetworkManager”.

2.2.11. Cloud

Debian 7.0 includes the OpenStack suite as well as the Xen Cloud
Platform (XCP), allowing users to deploy their own cloud infrastructure.

Debian images are also provided on the major public cloud platforms,
including Amazon EC2, Windows Azure and Google Compute Engine.

2.2.12. Temporary filesystems

In previous releases, temporary (tmpfs) filesystems were
mounted on /lib/init/rw, /dev/shm/ and optionally on /var/lock and /var/run. /lib/init/rw has been removed, and the others
have been moved under /run.
/var/run and /var/lock were configured using
RAMRUN and RAMLOCK in
/etc/default/rcS. All these tmpfs
filesystems are now configurable using
/etc/default/tmpfs; the old settings are not migrated
automatically.

Old location    New location    Old setting         New setting
                                /etc/default/rcS    /etc/default/tmpfs
/lib/init/rw    /run            N/A                 N/A
/var/run        /run            RAMRUN              N/A
/var/lock       /run/lock       RAMLOCK             RAMLOCK
/dev/shm        /run/shm        N/A                 RAMSHM
N/A             /tmp            N/A                 RAMTMP

The migration of data to the new locations will occur automatically during
the upgrade and will continue to be available at the old and new locations,
with the exception of /lib/init/rw.
No action is required on your part, though you may wish to customize which
tmpfs filesystems are mounted, and their size limits, in
/etc/default/tmpfs after the upgrade is complete.
Please see the tmpfs(5) manual page for further details.

If you have written any custom scripts which make use of /lib/init/rw, these must be updated to use
/run instead.
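Because the old settings are not migrated and /lib/init/rw disappears, a pre-upgrade check can list what needs attention. This is an added example, not part of the release notes; it applies the old-to-new mapping above, and the function names and demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-upgrade check for the tmpfs changes described above.

# old_setting VAR FILE: value assigned to VAR in a shell-style defaults
# file; the last uncommented assignment wins, empty output if unset.
old_setting() {
    sed -n "s/^[[:space:]]*$1=[\"']*\([A-Za-z0-9]*\).*/\1/p" "$2" | tail -n 1
}

# tmpfs_settings RCS_FILE: print what to carry into /etc/default/tmpfs.
tmpfs_settings() {
    lock=$(old_setting RAMLOCK "$1")
    run=$(old_setting RAMRUN "$1")
    if [ -n "$lock" ]; then
        echo "RAMLOCK=$lock"                     # same name in the new file
    fi
    if [ -n "$run" ]; then
        echo "# RAMRUN=$run has no new setting"  # N/A in the mapping
    fi
}

# stale_refs FILE...: list lines that still use /lib/init/rw, the only old
# location that is removed, each shown rewritten to use /run.
stale_refs() {
    for f in "$@"; do
        grep -n '/lib/init/rw' "$f" | while IFS=: read -r n line; do
            printf '%s:%s: %s\n' "$f" "$n" \
                "$(printf '%s\n' "$line" | sed 's|/lib/init/rw|/run|g')"
        done
    done
    return 0
}

# Demo on constructed input (not a real system's files).
tmp=$(mktemp -d)
printf 'RAMRUN=yes\nRAMLOCK="yes"\n' > "$tmp/rcS"
printf 'touch /lib/init/rw/flag\n' > "$tmp/hook"
tmpfs_settings "$tmp/rcS"
stale_refs "$tmp/hook"
rm -rf "$tmp"
```

On a real system, run `tmpfs_settings /etc/default/rcS` before the upgrade and pass your own scripts to `stale_refs`.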

/tmp is not a
tmpfs by default. If you choose to use this feature,
please note that:

the contents of /tmp are not
preserved across reboots; /var/tmp
exists for this purpose;

the maximum size of /tmp may
(depending upon your specific system) be smaller than before. If you find
that there is insufficient free space, it is possible to increase the size
limits; see tmpfs(5).

Applications which create excessively large temporary files may cause
/tmp to run out of free space. It
should be possible to configure a different location for those files by
setting the TMPDIR environment variable.

If desired, the defaults may also be overridden with an entry in
/etc/fstab, for example: